rule Linux_Exploit_CVE_2019_13272_583dd2c0 {
    meta:
        author = "Elastic Security"
        id = "583dd2c0-9e94-4d38-bdff-e6c3b7c7d594"
        fingerprint = "afc96d47ad2564f69d2fb9a39e882bfc5b4879f0a8abbf36d5e3af6a52dccd63"
        creation_date = "2021-01-12"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.CVE-2019-13272"
        reference_sample = "3191b9473f3e59f55e062e6bdcfe61b88974602c36477bfa6855ccd92ff7ca83"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        $a = { 48 89 85 40 FF FF FF 48 8B 45 D8 48 83 C0 20 48 89 85 38 FF }
    condition:
        all of them
}

